Why do people leave Bluetooth turned on?

Bluetooth, as some of you may already know, is a short-distance (usually around 10 meters) wireless link built into many cellphones. But did you know that it can also be used to make our movements trackable by anyone equipped with a PC and an appropriate receiver? Worse still, many people unnecessarily leave the Bluetooth function on their mobile phone switched on – even when they don’t use it. Not only does this use up your mobile’s battery quicker, but it also leaves your phone open to attacks – and completely stealth attacks at that!

How so? I’ll get to that soon, but first – a bit of information on Bluetooth in general. It certainly has its advantages when it comes to removing short-distance cable spaghetti. For example, Bluetooth is often used for phone-to-phone (or phone-to-PC) wireless data transfer – be it beaming a contact from your address book, a photo or video, an MP3 file, and so on.

It’s also often used for wirelessly streaming voice from a mobile phone to a Bluetooth headset that sits on your ear, or streaming music from your mobile phone’s music player to wireless headphones.

Sure, it’s great to be able to walk down the street with a mobile phone in your pocket or laptop in your backpack yet still be able to listen to tunes on it with some Bluetooth headphones, but keep in mind that anyone will at least be able to view your phone’s Bluetooth name if they’re about 10 meters from you.

You might not think much of that – especially if you’re walking around the city a lot over lunch or after work – but, since phones by default broadcast their Bluetooth names (when Bluetooth is turned on) to anyone and anything within about 10 meters, it actually means that with a few carefully placed receivers, people can track your movements – especially over time.

Take this example as a case in point – all someone needs to do is sit down with an inconspicuous mobile phone or laptop (note: a lot of computer-based Bluetooth receives can scan for devices up to 200 meters away with powerful Class1 transmitters) in a coffee shop, and turn Bluetooth on. Then, they set their device to constantly scan for nearby Bluetooth devices, and store the time of the scan plus the Bluetooth name of the device. Do this from various points in the city or in a busy shopping mall (using a bunch of friends, or whatever), over various times of the day, for a couple of weeks. And what do you have? A pretty good pattern of where you go each day, and what time you go there.

Match it up with GPS data and you can start to fill in a few blanks and draw some pretty cool maps of where people go (and at what time), using Google Earth – but I guess it depends on how far apart all of your friends were at the time of the scan & how accurate the scan data was. It’s by no means an accurate system – because if you have a lot of people in one spot, you’ll never know which one of their phones is the one that has Bluetooth turned on, or even which is which – but it’s an interesting thing to ponder, none-the-less.

Some phone’s also use a default Bluetooth name of the make and model – so if someone nearby is talking or texting on a Nokia N95, and that particular make & model is set as their phone’s Bluetooth name, you can almost guarantee that’s the person you picked up on your scan. With technology only getting better, you can see where I’m going with this.

This isn’t some pie-in-the-sky, big-brother type idea I’ve made up either – it’s real. Vassilis Kostakos, at the University of Bath in the UK, placed four Bluetooth receivers in the city’s centre. Over four months, his team tracked 10,000 Bluetooth phones and was able to “capture and analyse people’s encounters” in pubs, streets and shops.

Despite appearances, it’s not all bad news for Bluetooth. The technology does have some interesting uses, other than the streaming of wireless data or voice. In early 2004, an article made its way around world press claiming that Bluetooth-enabled mobile phones or PDAs were being used to arrange random “encounters” (of the ‘adult’ kind); a practice dubbed “toothing”. Although toothing was originally a media hoax, Bluetooth software that does exactly this, has since sprung up

Bluetooth has also been used in bus-shelter advertisements – even right here in Brisbane (who would’ve thought! hehe…). If you have Bluetooth activated and you walk within 10 meters of a bus-shelter with a Bluetooth-enabled advertisement, you would automatically be sent the ringtone or free music file or whatever the bus-shelter advertisement is meant to send – in my case, it was a free ringtone from Coca Cola. It’s an interesting way of targeting the younger audience, but that was back in 2006, and I haven’t seen a Bluetooth enabled bus-shelter in Brisbane since then. To be honest, I’m not sure what happened with the technology – but drop me a line if you’ve had a similar experience with a bus shelter or other Bluetooth-enabled ad.

With more than 1.5 billion Bluetooth devices currently in circulation, the technology isn’t going away anytime soon either – you can now get clothing with embedded Bluetooth receivers – even sunglasses and bike helmets! So what can you do to protect yourself? A sure-fire way, would be to switch Bluetooth off completely, but that doesn’t really help those who want to use wireless headphones for listening to music, or headsets for taking calls.

How to protect yourself…

• Only turn Bluetooth on when you need to do so. Switch off any “auto-accept” features – having this feature on, will allow anyone to send files to your mobile phone (or other Bluetooth device) without you even knowing about it – especially if your phone is in your pocket or bag and you can’t see the screen!
• Try and change your phone’s Bluetooth name regularly – this prevents people from tracking your movements (via the Bluetooth name, at least) by seeing how many times a day the phone with the same name passes a certain spot – as per this article.
• If you need to have Bluetooth switched on, ensure you don’t use a standard “out-of-the-box” PIN for authenticating other Bluetooth devices – i.e. don’t use “0000” or “1234” – use something completely random, and change it regularly.
• Don’t keep confidential things on your phone in the first place.
• Regularly backup (don’t get me started on the importance of backups) of all of your phone’s contacts, messages & important files (especially those of you who use PDA phones, as I do) – so if your phone does get hacked or penetrated by someone who sends a virus, at least you have a backup to go back to.
• Don’t accept files from people (or devices) you don’t know, or if you’re not expecting them.

Good luck, and happy Bluetoothing!